From c2d053424045c76049582507cd7831918fa870a7 Mon Sep 17 00:00:00 2001
From: John Mulligan <jmulligan@redhat.com>
Date: Wed, 16 Jul 2025 17:08:49 -0400
Subject: [PATCH] python-common/deployment: add keybridge feature to smb
 service spec

The keybridge sidecar is enabled by the keybridge feature flag.
This sidecar will be used to help fetch keys over various protocols
for the ceph module to use to set up fs encryption.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit 576e66c85500abb4f8893e520ae764c6e9514a80)
---
 src/python-common/ceph/deployment/service_spec.py | 7 +++++++
 src/python-common/ceph/smb/constants.py           | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
index b773a17d12c..e24aa5fd853 100644
--- a/src/python-common/ceph/deployment/service_spec.py
+++ b/src/python-common/ceph/deployment/service_spec.py
@@ -3740,6 +3740,10 @@ class SMBSpec(ServiceSpec):
         remote_control_ssl_cert: Optional[str] = None,
         remote_control_ssl_key: Optional[str] = None,
         remote_control_ca_cert: Optional[str] = None,
+        # == keybridge ==
+        keybridge_kmip_ssl_cert: Optional[str] = None,
+        keybridge_kmip_ssl_key: Optional[str] = None,
+        keybridge_kmip_ca_cert: Optional[str] = None,
         # --- genearal tweaks ---
         extra_container_args: Optional[GeneralArgList] = None,
         extra_entrypoint_args: Optional[GeneralArgList] = None,
@@ -3777,6 +3781,9 @@ class SMBSpec(ServiceSpec):
         self.remote_control_ssl_cert = remote_control_ssl_cert
         self.remote_control_ssl_key = remote_control_ssl_key
         self.remote_control_ca_cert = remote_control_ca_cert
+        self.keybridge_kmip_ssl_cert = keybridge_kmip_ssl_cert
+        self.keybridge_kmip_ssl_key = keybridge_kmip_ssl_key
+        self.keybridge_kmip_ca_cert = keybridge_kmip_ca_cert
         self.validate()
 
     def validate(self) -> None:
diff --git a/src/python-common/ceph/smb/constants.py b/src/python-common/ceph/smb/constants.py
index bc2961de49a..6d8a143f2de 100644
--- a/src/python-common/ceph/smb/constants.py
+++ b/src/python-common/ceph/smb/constants.py
@@ -8,9 +8,11 @@ CTDB = 'ctdb'
 
 
 # Feature names
+# (please keep sorted)
 CEPHFS_PROXY = 'cephfs-proxy'
 CLUSTERED = 'clustered'
 DOMAIN = 'domain'
+KEYBRIDGE = 'keybridge'
 REMOTE_CONTROL = 'remote-control'
 SMBMETRICS = 'smbmetrics'
 
@@ -22,6 +24,7 @@ FEATURES = {
     CEPHFS_PROXY,
     CLUSTERED,
     DOMAIN,
+    KEYBRIDGE,
     REMOTE_CONTROL,
 }
 
-- 
2.47.3